]> git.saurik.com Git - apple/xnu.git/blob - bsd/man/man2/ptrace.2
xnu-1228.tar.gz
[apple/xnu.git] / bsd / man / man2 / ptrace.2
1 .\" $OpenBSD: ptrace.2,v 1.3 1996/10/08 01:20:12 michaels Exp $
2 .\" $NetBSD: ptrace.2,v 1.3 1996/02/23 01:39:41 jtc Exp $
3 .\"
4 .\" This file is in the public domain.
5 .Dd November 7, 1994
6 .Dt PTRACE 2
7 .Os
8 .Sh NAME
9 .Nm ptrace
10 .Nd process tracing and debugging
11 .Sh SYNOPSIS
12 .Fd #include <sys/types.h>
13 .Fd #include <sys/ptrace.h>
14 .Ft int
15 .Fn ptrace "int request" "pid_t pid" "caddr_t addr" "int data"
16 .Sh DESCRIPTION
17 .Fn ptrace
18 provides tracing and debugging facilities. It allows one process (the
19 .Em tracing
20 process) to control another (the
21 .Em traced
22 process). Most of the time, the traced process runs normally, but when
23 it receives a signal
24 .Po
25 see
26 .Xr sigaction 2
27 .Pc ,
28 it stops. The tracing process is expected to notice this via
29 .Xr wait 2
30 or the delivery of a
31 .Dv SIGCHLD
32 signal, examine the state of the stopped process, and cause it to
33 terminate or continue as appropriate.
34 .Fn ptrace
35 is the mechanism by which all this happens.
36 .Pp
37 The
38 .Fa request
39 argument specifies what operation is being performed; the meaning of
40 the rest of the arguments depends on the operation, but except for one
41 special case noted below, all
42 .Fn ptrace
43 calls are made by the tracing process, and the
44 .Fa pid
45 argument specifies the process ID of the traced process.
46 .Fa request
47 can be:
48 .Bl -tag -width 12n
49 .It Dv PT_TRACE_ME
50 This request is one of two used by the traced process; it declares
51 that the process expects to be traced by its parent. All the other
52 arguments are ignored. (If the parent process does not expect to trace
53 the child, it will probably be rather confused by the results; once the
54 traced process stops, it cannot be made to continue except via
55 .Eo \&
56 .Fn ptrace
57 .Ec \&.)
58 When a process has used this request and calls
59 .Xr execve 2
60 or any of the routines built on it
61 .Po
62 such as
63 .Xr execv 3
64 .Pc ,
65 it will stop before executing the first instruction of the new image.
66 Also, any setuid or setgid bits on the executable being executed will
67 be ignored.
68 .It Dv PT_DENY_ATTACH
69 This request is the other operation used by the traced process; it allows
70 a process that is not currently being traced to deny future traces by its
71 parent. All other arguments are ignored. If the process is currently
72 being traced, it will exit with the exit status of ENOTSUP; otherwise,
73 it sets a flag that denies future traces. An attempt by the parent to
74 trace a process which has set this flag will result in a segmentation violation
75 in the parent.
76 .It Dv PT_CONTINUE
77 The traced process continues execution.
78 .Fa addr
79 is an address specifying the place where execution is to be resumed (a
80 new value for the program counter), or
81 .Li (caddr_t)1
82 to indicate that execution is to pick up where it left off.
83 .Fa data
84 provides a signal number to be delivered to the traced process as it
85 resumes execution, or 0 if no signal is to be sent.
86 .It Dv PT_STEP
87 The traced process continues execution for a single step. The
88 parameters are identical to those passed to
89 .Dv PT_CONTINUE.
90 .It Dv PT_KILL
91 The traced process terminates, as if
92 .Dv PT_CONTINUE
93 had been used with
94 .Dv SIGKILL
95 given as the signal to be delivered.
96 .It Dv PT_ATTACH
97 This request allows a process to gain control of an otherwise unrelated
98 process and begin tracing it. It does not need any cooperation from
99 the to-be-traced process. In this case,
100 .Fa pid
101 specifies the process ID of the to-be-traced process, and the other two
102 arguments are ignored. This request requires that the target process
103 must have the same real UID as the tracing process, and that it must
104 not be executing a setuid or setgid executable. (If the tracing
105 process is running as root, these restrictions do not apply.) The
106 tracing process will see the newly-traced process stop and may then
107 control it as if it had been traced all along.
108 .It Dv PT_DETACH
109 This request is like PT_CONTINUE, except that it does not allow
110 specifying an alternate place to continue execution, and after it
111 succeeds, the traced process is no longer traced and continues
112 execution normally.
113 .El
114 .Pp
115 .Sh ERRORS
116 Some requests can cause
117 .Fn ptrace
118 to return
119 .Li -1
120 as a non-error value; to disambiguate,
121 .Va errno
122 can be set to 0 before the call and checked afterwards. The possible
123 errors are:
124 .Bl -tag -width 4n
125 .It Bq Er ESRCH
126 No process having the specified process ID exists.
127 .It Bq Er EINVAL
128 .Bl -bullet -compact
129 .It
130 A process attempted to use
131 .Dv PT_ATTACH
132 on itself.
133 .It
134 The
135 .Fa request
136 was not one of the legal requests.
137 .It
138 The signal number (in
139 .Fa data )
140 to
141 .Dv PT_CONTINUE
142 was neither 0 nor a legal signal number.
143 .It
144 .Dv PT_GETREGS ,
145 .Dv PT_SETREGS ,
146 .Dv PT_GETFPREGS ,
147 or
148 .Dv PT_SETFPREGS
149 was attempted on a process with no valid register set. (This is
150 normally true only of system processes.)
151 .El
152 .It Bq Er EBUSY
153 .Bl -bullet -compact
154 .It
155 .Dv PT_ATTACH
156 was attempted on a process that was already being traced.
157 .It
158 A request attempted to manipulate a process that was being traced by
159 some process other than the one making the request.
160 .It
161 A request (other than
162 .Dv PT_ATTACH )
163 specified a process that wasn't stopped.
164 .El
165 .It Bq Er EPERM
166 .Bl -bullet -compact
167 .It
168 A request (other than
169 .Dv PT_ATTACH )
170 attempted to manipulate a process that wasn't being traced at all.
171 .It
172 An attempt was made to use
173 .Dv PT_ATTACH
174 on a process in violation of the requirements listed under
175 .Dv PT_ATTACH
176 above.
177 .El
178 .El